I have downloaded the shield-custom-realm-example from git and have been trying to modify it to suit our requirement. Basically, I need to use the custom realm as a bridge to pass the login credentials on to another system (a Java app), which will authenticate and send back the user and roles using a REST API.
So far, all I did was perform the REST API call in the authenticate method in CustomRealm.java. However, I have one hiccup: I am unable to fetch the password from message.getHeader(PW_HEADER) or request.header(USER_HEADER), and finally even from the token of UsernamePasswordToken, as credentials() is encrypted.
Is there a way for me to get the password out, which I can pass on to the external authentication service?
Can you please show the exact REST API call you are making (please include how you specify the username and password) and the realm configuration you are using from the elasticsearch.yml file?
For the time being, I am sending the username and password in the URL with no encryption, just to test out the realm part. So here is the code for the REST API call:
// Jersey 1.x client API, as used in the posted code
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;

public User authenticate(UsernamePasswordToken token) {
    // get the user name and password from the token
    final String actualUser = token.principal();
    // credentials() returns Shield's SecuredString, a char[] wrapper (not an encrypted value);
    // unwrap it to get the password characters
    final String actualPassword = new String(token.credentials().internalChars());
    Client client = Client.create();
    // credentials go into the URL path unencoded; test-only, as noted above
    WebResource webResource = client.resource("http://192.168.4.110:8080/RESTfulWebServiceExample/rest/ConversionService/UserPassword/" + actualUser + ":" + actualPassword);
    ClientResponse response = webResource.accept("text/plain").get(ClientResponse.class);
    if (response.getStatus() == 200) {
        // expected body: "username:role1:role2:..."
        String streamOutput = response.getEntity(String.class);
        if (streamOutput != null && !streamOutput.isEmpty() && streamOutput.indexOf(':') >= 0) {
            String resUserName = streamOutput.substring(0, streamOutput.indexOf(':'));
            String tempRoles = streamOutput.substring(streamOutput.indexOf(':') + 1);
            String[] resUserRoles = tempRoles.split(":");
            return new User(resUserName, resUserRoles);
        }
    }
    return null;
}
In the method below, I thought of capturing the password as it comes into the realm in the header; however, when I debug, I see that the password is always null, and the same goes for the transport message.
import org.elasticsearch.shield.authc.support.SecuredString;

@Override
public UsernamePasswordToken token(RestRequest request) {
    String user = request.header(USER_HEADER);
    // I am unable to get the password here, which at least I could use to send in my URL for REST
    if (user != null) {
        String password = request.header(PW_HEADER);
        if (password != null) {
            // UsernamePasswordToken takes the password as a SecuredString, not a plain String
            return new UsernamePasswordToken(user, new SecuredString(password.toCharArray()));
        }
    }
    return null;
}
I have just used the same custom realm configuration for elasticsearch.yml, except that I am not pre-passing the user credentials and roles.
So you are sending http://username:password@hostname? If so, the browser converts that into basic authentication credentials, and the extract-token method needs to be changed to extract them that way.
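To illustrate the reply above: when a browser is given http://user:password@host/, it does not send the credentials in the URL path; it sends an "Authorization: Basic base64(user:password)" header, so the realm's token(RestRequest) method has to read and decode that header instead of a custom PW_HEADER. The class below is an added example, not code from the shield-custom-realm-example or from the poster; the name BasicAuthHeader and the sample values are assumptions, and the commented-out token() sketch assumes the UsernamePasswordToken(String, SecuredString) constructor used by the Shield example realm.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/**
 * Parses an HTTP "Authorization: Basic <base64(user:password)>" header into its
 * user name and password. Hypothetical helper (not part of shield-custom-realm-example)
 * for use inside a custom realm's token(RestRequest) method.
 */
public final class BasicAuthHeader {

    public final String username;
    public final char[] password;

    private BasicAuthHeader(String username, char[] password) {
        this.username = username;
        this.password = password;
    }

    /**
     * Returns the parsed credentials, or null when the header is absent, is not the
     * Basic scheme, is not valid base64, or carries no "user:password" separator.
     */
    public static BasicAuthHeader parse(String authorization) {
        if (authorization == null) {
            return null;
        }
        String value = authorization.trim();
        // The scheme name is case-insensitive (RFC 7235); only Basic is handled here.
        if (value.length() <= 6 || !value.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String encoded = value.substring(6).trim();
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the user name cannot contain ':' but the password can.
        int colon = pair.indexOf(':');
        if (colon <= 0) {
            return null; // no separator, or empty user name
        }
        String user = pair.substring(0, colon);
        char[] pass = pair.substring(colon + 1).toCharArray();
        return new BasicAuthHeader(user, pass);
    }

    // Sketch of how this plugs into the realm (assumes the Shield example's
    // UsernamePasswordToken(String, SecuredString) constructor):
    //
    // @Override
    // public UsernamePasswordToken token(RestRequest request) {
    //     BasicAuthHeader creds = BasicAuthHeader.parse(request.header("Authorization"));
    //     if (creds == null) {
    //         return null;
    //     }
    //     return new UsernamePasswordToken(creds.username, new SecuredString(creds.password));
    // }

    public static void main(String[] args) {
        // Constructed sample: what a browser sends for http://alice:s3cr:et@host/
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        BasicAuthHeader creds = parse(header);
        System.out.println("user=" + creds.username + " password=" + new String(creds.password));

        // Edge cases the realm must tolerate without throwing:
        System.out.println("bearer -> " + parse("Bearer abc.def"));
        System.out.println("bad base64 -> " + parse("Basic !!not-base64!!"));
        System.out.println("no colon -> " + parse("Basic " + Base64.getEncoder()
                .encodeToString("alice".getBytes(StandardCharsets.UTF_8))));
        System.out.println("missing header -> " + parse(null));
    }
}
```

Two points worth keeping when adapting this: only the first colon separates user from password, so a password that itself contains a colon survives intact, and every malformed input returns null rather than throwing, so a bad header results in a rejected request instead of an exception inside the realm. Credentials passed in a URL or over plain HTTP are visible on the wire and in logs, so this should only ever be done over TLS outside of testing.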